Eurobilltracker-site Feedback.

Concerns? Let us know by posting here.

Moderators: avij, Phaseolus, Fons, dserrano5

User avatar
Burdie
Euro-Master
Euro-Master
Posts: 1897
Joined: Sat Nov 27, 2004 6:59 pm
Location: Ireland
Contact:

Re: Eurobilltracker-site Feedback.

Post by Burdie »

avij wrote:I'm planning to enable DNSSEC for EuroBillTracker at some point. To make sure there won't be issues, I have already configured eurobt.eu to use DNSSEC.

I need your help for testing. Please visit http://eurobt.eu/dnssec/ and see if the page loads.

If you get a "success" message, everything is fine. If not, please tell me which ISP you have and which operating system you have. Please also test the page with any mobile device (phone, tablet) you may have. Thanks.


Also Success here

(Edit) Copied Avij's message ontop of my result, so everyone knows what to do. I think it is not nessersery to reply if you have a "Success"
Personal statistics from: NIGMM / EBTST / EBTcheck 250 Hits with 2 triple :flag-ie: 3 :flag-eu: 410
list of (known by me) latest "codes_country.txt" files Blog
User avatar
Crazy Bob
Forum Moderator
Forum Moderator
Posts: 7363
Joined: Sun May 01, 2005 6:29 pm
Location: Rotterdam, Netherlands

Re: Eurobilltracker-site Feedback.

Post by Crazy Bob »

Success so far on mobile devices:
- iphone 6, ios 10.2.1, both Safari and Firefox Focus give a positive result
- LG G3s, Cyanogenmod 13.1 (Android 6.0.1), both Pale Moon and Firefox give a positive result

Trying it later on with some older "legacy" OSes/browsers
User avatar
giulcenc
Euro-Master
Euro-Master
Posts: 8520
Joined: Mon Feb 06, 2006 9:53 pm
Location: Riccò del Golfo + Lerici (SP - Italy)
Contact:

Re: Eurobilltracker-site Feedback.

Post by giulcenc »

It's OK from Windows10 using Chrome, Firefox and Edge;
and it's ok from my Leagoo Elite 5 mobile phone with Android 5.1 using Chrome.
User avatar
avij
Forum Moderator
Forum Moderator
Posts: 6120
Joined: Mon May 27, 2002 10:45 pm
Location: Helsinki Finland
Contact:

Re: Eurobilltracker-site Feedback.

Post by avij »

Thanks for testing. Testing for different browsers is somewhat unnecessary, because if there are problems, they're not at the browser level but elsewhere. Hostnames are resolved to IP addresses at the operating system level, and the ISP's DNS servers also play a role in this. Theoretically it is possible that the same laptop works fine with DNSSEC-enabled domains when used at home, but does not work when used at work due to different ISPs (or vice versa).
Money makes the world go round. We track how the money goes round the world.
User avatar
avij
Forum Moderator
Forum Moderator
Posts: 6120
Joined: Mon May 27, 2002 10:45 pm
Location: Helsinki Finland
Contact:

Re: Eurobilltracker-site Feedback.

Post by avij »

The DNSSEC test page has now been accessed from 55 different IP addresses. eurobilltracker.eu (only a redirected domain name nowadays) is now DNSSEC-enabled. I'm planning to enable DNSSEC on eurobilltracker.com in about two weeks.

[technical]
.. so that I'd get to test how the automatic zone signing key generation/publishing/activation/retirement/deletion scripts work at the start of each quarter (January, April, July, October). Key signing keys are automatically generated at the end of the year, but I'll still need to cut&paste the KSKs manually to Gandi (the domain name registrar we're using).
[/technical]
Money makes the world go round. We track how the money goes round the world.
User avatar
avij
Forum Moderator
Forum Moderator
Posts: 6120
Joined: Mon May 27, 2002 10:45 pm
Location: Helsinki Finland
Contact:

Re: Eurobilltracker-site Feedback.

Post by avij »

avij wrote:I'm planning to enable DNSSEC for EuroBillTracker at some point.
This has now been done. Technical analysis shows no problems, so I hope it works. This was the 9th domain name for which I've enabled DNSSEC, and the others haven't shown any problems either.
Money makes the world go round. We track how the money goes round the world.
User avatar
avij
Forum Moderator
Forum Moderator
Posts: 6120
Joined: Mon May 27, 2002 10:45 pm
Location: Helsinki Finland
Contact:

Re: Eurobilltracker-site Feedback.

Post by avij »

From elsewhere:
avij wrote:It may be possible that we will block unencrypted logins via the website as well at some point, but no decision about this has been made yet.
I'm thinking of making logins https only from October 1st onwards. In practise, the "Secure login" checkbox will be removed and the secure login mode is selected by default. If you have concerns about this, please let me know.
Money makes the world go round. We track how the money goes round the world.
User avatar
avij
Forum Moderator
Forum Moderator
Posts: 6120
Joined: Mon May 27, 2002 10:45 pm
Location: Helsinki Finland
Contact:

Re: Eurobilltracker-site Feedback.

Post by avij »

Regarding DNSSEC, I was asked privately about that by two different persons, so perhaps I'll write the answer here for the benefit of everyone. If you're not into computer science, feel free to stop reading this message now.

DNSSEC's primary use case is to prevent DNS hijacking. With DNSSEC, validating DNS resolvers can check that there's a valid chain of signed zones, starting from root ., then on to .com and finally to .eurobilltracker.com. If there's a mismatch in the signatures somewhere along the path and a validating resolver is in use, the queried address will not resolve to an IP address. Because .com's records indicate that .eurobilltracker.com is signed, any responses from a malicious name server that pretends to be eurobilltracker.com's name server will be ignored because the malicious persons can't generate the correctly signed data themselves.

In all honesty, this has not been a real threat to us. I implemented this primarily because of academic interest. The tools for this are rather good nowadays. Automating everything and figuring out the proper timing for key creation/publishing/activation/revocation/deletion were the parts that required the most thinking. But I'm happy now -- most everything in this is automated, I only have to update the key signing keys to the registries manually once a year. The next time I need to update the KSKs is at the end of the year. If I'm feeling nerdish enough I may automate this step as well. I looked briefly at Gandi's documentation about this, and it seemed fairly straightforward. Zone signing keys are created and installed automatically every three months. Some sources say to create the ZSKs every month, but as I felt there's no particular threat, I'm creating those only every three months to reduce some complexity and to reduce some DNS traffic. When keys are being changed, two of them are active at the same time for a period of time, and it increases the size of the DNS responses. As of now, DNSSEC Visualizer shows that there are two ZSKs, one in use (id 33435) and the other (id 45666) waiting to be activated. Tomorrow the zone will be signed by both of the keys, and on 6th April the zone will be signed with only the new key, and on 8th the old key will be removed. Here's a screenshot of the current situation:
eurobilltracker.com-2017-04-01-12-42-48-UTC.png
eurobilltracker.com-2017-04-01-12-42-48-UTC.png (113.38 KiB) Viewed 1614 times
I had done the work for my own personal domains before this, and making eurobilltracker.com DNSSEC-enabled required only creating the keys, publishing the KSK in .com zone and adding eurobilltracker.com to my list of automatically managed zones.

Of course there are also some disadvantages. If some script I use does not work properly, it will cause eurobilltracker.com to become unreachable for those users using a validating DNS server. If you want to know if the DNS server you are using validates the responses, go to DNSSEC Resolver Test and press the "Start test" button. Another disadvantage is that DNSSEC increases the size of the responses, causing more DNS traffic. Some DNS servers can also be used for DDoS by creating requests from a forged source address, and having DNSSEC enabled makes those responses sent to an innocent victim bigger. Therefore I'm limiting the amount of responses per IP address to some sane amount to make EBT's name servers less interesting for DDoS purposes.
Money makes the world go round. We track how the money goes round the world.
User avatar
negative
Forum Moderator
Forum Moderator
Posts: 367
Joined: Sat Oct 04, 2014 2:53 pm
Location: Kaunas, Lithuania

Re: Eurobilltracker-site Feedback.

Post by negative »

Would it be possiblle to correct the translation in the message after you enter the notes.
Some grammar would be good to correct as well (marked in colour)

In lithuanian version we have text:
Back to the input form (išsaugiti kaip pastovius)

Needs to be:
Grįžti suvesti naują banknotą (išsaugoti kaip pastovius)
save as.JPG
save as.JPG (13.64 KiB) Viewed 1537 times
User avatar
lmviterbo
Euro-Master
Euro-Master
Posts: 6518
Joined: Thu Aug 21, 2003 5:23 pm
Location: Lisboa, Portugal
Contact:

Re: Eurobilltracker-site Feedback.

Post by lmviterbo »

negative wrote:Needs to be:
Grįžti suvesti naują banknotą (išsaugoti kaip pastovius)
Done, thanks.
User avatar
Elmo
Euro-Master
Euro-Master
Posts: 4184
Joined: Mon Oct 14, 2002 4:16 pm
Location: Leiden (Netherlands)

Re: Eurobilltracker-site Feedback.

Post by Elmo »

I just entered 53 new Belgian :note-5: with the wrong shortcode, and I am trying to enter a contact form to change it. However, I get the message "Please enter a valid printer code!", so apparently it doesn't accept Z004 as shortcode. Can somebody have this problem fixed?
Of all the words of mice and men, the saddest are 'It might have been.' - Kurt Vonnegut
User avatar
lmviterbo
Euro-Master
Euro-Master
Posts: 6518
Joined: Thu Aug 21, 2003 5:23 pm
Location: Lisboa, Portugal
Contact:

Re: Eurobilltracker-site Feedback.

Post by lmviterbo »

Elmo wrote:I just entered 53 new Belgian :note-5: with the wrong shortcode, and I am trying to enter a contact form to change it. However, I get the message "Please enter a valid printer code!", so apparently it doesn't accept Z004 as shortcode. Can somebody have this problem fixed?
Have you tried Z004% ?
User avatar
Elmo
Euro-Master
Euro-Master
Posts: 4184
Joined: Mon Oct 14, 2002 4:16 pm
Location: Leiden (Netherlands)

Re: Eurobilltracker-site Feedback.

Post by Elmo »

I mistakenly entered a bunch of :note-5: with Z004I3 as shortcode, but when I want to change them to Z004E2 (the coorect shortcode) I get the message to enter a valid shortcode.
Of all the words of mice and men, the saddest are 'It might have been.' - Kurt Vonnegut
ErGo
Euro-Master
Euro-Master
Posts: 5950
Joined: Wed Oct 05, 2005 2:12 pm
Location: Vienna, Austria
Contact:

Re: Eurobilltracker-site Feedback.

Post by ErGo »

Elmo wrote:I mistakenly entered a bunch of :note-5: with Z004I3 as shortcode, but when I want to change them to Z004E2 (the coorect shortcode) I get the message to enter a valid shortcode.
Yes, this seems to be a bug, when you create a support request. No problems with shortcodes starting with other letters.

I changed the 53 notes for you - so the support tool is not affected by this.
User avatar
avij
Forum Moderator
Forum Moderator
Posts: 6120
Joined: Mon May 27, 2002 10:45 pm
Location: Helsinki Finland
Contact:

Re: Eurobilltracker-site Feedback.

Post by avij »

Elmo wrote:I just entered 53 new Belgian :note-5: with the wrong shortcode, and I am trying to enter a contact form to change it. However, I get the message "Please enter a valid printer code!", so apparently it doesn't accept Z004 as shortcode. Can somebody have this problem fixed?
This is a little bit more complicated than what it might initially look like.. The main problem is that the support system does not currently support requests where it might be possible that the requested printer code (or denomination) would be OK for some of the notes in the request but not OK for some other notes in the request.

Let's take a fictional example of someone asking to change the printer code of all their notes starting with serial X to X001A1. This would only be valid for Europa series notes, and only for denominations 10 and 20. Likewise if the request was to change the X notes' printer code to P001A1, that request would only be valid for non-Europa notes. The same kind of checks would need to be made for changing the denominations, because some resulting combinations might not be vailid.

Although your request was clearly about Europa banknotes, the system is currently not smart enough to figure that out. The tools that the support people use do not have this restriction, because it's assumed that the support people know what they're doing. Changing the notes one by one would also work, because in that situation there's no ambiguity of whether the note is an Europa note or not.

That said, this is clearly a bug. There is already a Babel constant M_SUPPORTERROR_MIX_EUROPA reserved for the error message "When changing the denomination or printer code, it's not allowed to include both Europa and non-Europa banknotes. Please file separate requests for each kind of banknotes." but as the system is currently not capable of detecting whether there would be such problems, the error message is not emitted at all.
Money makes the world go round. We track how the money goes round the world.
Post Reply

Return to “Feedback and Development”